Protecting the security and privacy of my client’s Personal Health Information is very important to me. This document provides information regarding the steps taken to keep your information safe and confidential.
Designated Privacy and Security Officer for this Practice
Hannah Milford, MA, LPC-S, RPT-S is the designated Security Officer for my practice.
Hannah Milford, MA, LPC-S, RPT-S is the designated Privacy Officer for my practice.
All privacy and security questions, requests, and concerns should be directed to me and I will be responsible for handling them.
Privacy and Security Policies
All considerable measures have been taken to ensure confidentiality of emails & texts sent and received. Please be aware, however, of the risks taken when sharing personal or confidential information this way.
Some risks you take when sending emails or texts include: delivery of email to an incorrectly typed address.Email accounts can be “hacked”, giving a 3rd party access to email content and addresses.Email providers (i.e. Gmail, Comcast, Yahoo) keep a copy of each email on their servers, where it might be accessible to employees, etc. You have the right to opt out of emailing during the Counseling Intake.
Happy Camper Counseling ‘s practice takes certain precautions to help decrease the likelihood that your Personal Health Information is compromised.
Cell Phones contain password protection.When electronic devices, such as cell phones, computers, lap tops, etc. are retired, they are sanitized of information, before recycling.If there are any complaints filed against me, this will be recorded on our Complaints Form.
If there is a breach regarding the safety of your Personal Health Information, I will personally contact you to let you know the extent of the breach and what is being done to contain the situation.Hannah does not use any of your Personal Health Information for marketing purposes and does not sell any information to outside entities.
Happy Camper Counseling follows all Ethical Codes and State Laws, which help in securing your information.
Hannah has received training concerning HIPAA laws and compliance and will continue to attend trainings as required by law.
All HIPAA documentation will be kept on file for a minimum of 6 years. My training information is posted here.
Storage of Client Files:
Happy Camper Counseling stores client files under lock and key for 5 years after the last session.If something should happen to me, a designated counselor, listed in my Counseling Disclosure, would take possession of these files. They will store them under the same guidelines, protecting confidentiality.Once a file is ready to be destroyed, it is shredded.
Again, the protection of your Personal Health Information is important to me. Please let me know if you have questions or comments about our Privacy Policy.
Notice of Privacy Practices
Introduction
Happy Camper Counseling is required by law to maintain the privacy of Protected Health
Information (“PHI”), to provide individuals with notice of our legal duties and privacy practices
with respect to PHI, and to notify affected individuals following a breach of unsecured PHI. PHI
is information that may identify you and that relates to your past, present or future physical or
mental health or condition and relates to the provision of health care or payment for the provision
of health care for your past, present or future physical or mental health or condition and related
healthcare services. This Notice of Privacy Practices (“Notice”) describes how we may use and
disclose PHI to carry out treatment, obtain payment or perform our health care operations and for
other specified purposes that are permitted or required by law. The Notice also describes your
rights with respect to PHI about you.
We are required to follow the terms of this Notice currently in effect. We will not use or disclose
PHI about you without your written authorization, except as described in this Notice. We
reserve the right to change our practices and this Notice and to make the new Notice effective for
all PHI we maintain. Upon request, we will provide any revised Notice to you.
Our PledgeThe privacy of your personal health information (PHI) is important to us. Your PHI includes, but
is not limited to, medical, dental, pharmacy, and mental health information. This Notice
describes our privacy practices. Our privacy practices must be followed by all of our employees
and staff. This Notice tells you about the ways in which we may use and disclose your PHI.
Also described are your rights and certain obligations we have regarding the use and disclosure
of your PHI. We use and disclose your PHI in compliance with all applicable state and federal
laws.
How PHI about you may be usedThe following categories describe different ways that we use and disclose PHI.
For each category of use or disclosure, an explanation of what is meant and some examples are provided.
Not every use or disclosure in a category will be listed. However, all of the ways we are
permitted to use and disclose PHI will fall within one of the categories.
For Treatment. We may use or disclose your health information to provide and coordinate the
mental health treatment and services you receive. For example, if your mental health care needs
to be coordinated with the medical care provided to you by another physician, we may disclose
your health information to a physician or other healthcare provider.
For Payment. We may use and disclose your health information for various payment-related
functions, so that we can bill for and obtain payment for the treatment and services we provide
for you. For example, your PHI may be provided to an insurance company so that they will pay
claims for your care.
For Healthcare Operations. We may use and disclose your health information for certain
operational, administrative and quality assurance activities, in connection with our healthcare
operations. These uses and disclosures are necessary to run the practice and to make sure that
our patients receive quality treatment and services. For example, healthcare operations include
quality assessment and improvement activities, reviewing the competence or qualifications of
healthcare professionals, evaluating practitioner and provider performance, conducting training
programs, accreditation, certification, licensing or credentialing activities.
For Special Purposes. We are permitted under federal and applicable state law to use or
disclose your PHI without your permission only when certain circumstances may arise.
We are likely to use or disclose your PHI without your permission for the following purposes:
Individuals Involved in Your Care or Payment for Your Care. We may disclose PHI
to a close personal friend or family member who is involved in your medical care or
payment for your care.
Disclosures to Parents or Legal Guardians. If you are a minor, we may release your
PHI to your parents or legal guardians when we are permitted or required under federal
and applicable state law.
Worker’s Compensation. We may disclose your PHI to the extent authorized by and
necessary to comply with laws relating to worker’s compensation or other similar
programs established by law.
Public Health. We may disclose your PHI to federal, state, or local authorities, or other
entities charged with preventing or controlling disease, injury, or disability for public
health activities.
Health oversight activities: We may disclose your PHI to an oversight agency for
activities authorized by law. These oversight activities include audits, investigations, and
inspections, as necessary for our licensure and for government monitoring of the health
care system, government programs, and compliance with federal and applicable state law.
Law Enforcement. We may disclose your PHI for law enforcement purposes as
authorized or required by law or in response to a court order, subpoena, warrant,
summons, or similar process; to identify or locate a suspect, fugitive, material witness, or
missing person; about a death resulting from criminal conduct; about crimes on the
premises or against a member of our workforce; and in emergency circumstances, to
report a crime, the location, victims, or the identity, description, or location of the
perpetrator of a crime.
Judicial and administrative proceedings. If you are involved in a lawsuit or a legal
dispute, we may disclose your PHI in response to a court or administrative order,
subpoena, discovery request, or other lawful process.
United States Department of Health and Human Services. Under federal law, we are
required to disclose your PHI to the U.S. Department of Health and Human Services to
determine if we are in compliance with federal laws and regulations regarding the privacy
of health information.
Research. Under certain circumstances, we may use or disclose your PHI for research
purposes. However, before disclosing your PHI, the research project must be approved by
an institutional review board or privacy board that has reviewed the research proposal
and established protocols to ensure the privacy of your PHI.
Coroners, medical examiners, and funeral directors. We may release your PHI to
assist in identifying a deceased person or determine a cause of death.
Organ or tissue procurement organizations. Consistent with applicable law, we may
disclose your PHI to organ procurement organizations or other entities engaged in the
procurement, banking, or transplantation of organs for the purpose of tissue donation and
transplant.
Notification. We may use or disclose your PHI to assist in a disaster relief effort so that
your family, personal representative, or friends may be notified about your condition,
status, and location.
Correctional institution. If you are or become an inmate of a correctional institution, we
may disclose to the institution or its agents PHI necessary for your health and the health
and safety of others.
To Avert a Serious Threat to Health or Safety. We may use and disclose your PHI to
appropriate authorities when necessary to prevent a serious threat to your health and
safety or the health and safety of another person or the public. We may disclose your
health information to appropriate authorities if we reasonably believe that you are a
possible victim of abuse, neglect, or domestic violence or the possible victim of other
crimes.
Military and Veterans. If you are a member of the armed forces, we may release your
PHI as required by military command authorities. We may also release PHI about foreign
military personnel to the appropriate military authority.
National Security, Intelligence Activities and Protective Services for the President
and Others. We may disclose your PHI to authorized federal officials for intelligence,
counterintelligence, provision of protection to the President, other authorized persons or
foreign heads of state, and other national security activities authorized by law.
As required by law. We must disclose your PHI when required to do so by applicable
federal or state law.
Treatment Alternatives. We may use and disclose PHI to tell you about or recommend
possible alternative treatments, therapies, health care providers, or settings of care that
may be of interest to you.
Health-Related Benefits and Services. We may use and disclose PHI to tell you about
health-related benefits or services that may be of interest to you.
Appointment Reminders. We may use or disclose PHI to provide you with appointment
reminders (such as voicemail messages, postcards, or letters). You have a right, as
explained below, to request restrictions or limitations on the PHI we disclose. You also
have a right, as explained below, to request that information be communicated with you
in a certain way or at a certain location.
Other Uses and Disclosures of PHI your Authorization.
We will obtain your written authorization before using or disclosing your
PHI for purposes other than those described above (or as otherwise permitted or required by
law). If you give us an authorization, you may revoke it by submitting a written notice to our
Privacy Officer at the address listed below. Your revocation will become effective upon our
receipt of your written notice. If you revoke your authorization, we will no longer use or disclose
health information about you for the reasons covered by the written authorization. Your
revocation will not affect any use or disclosures permitted by your authorization while it was in
effect. Unless you give us a written authorization, we cannot use or disclose your health
information for any reason except those described in this Notice.
Psychotherapy Notes. We will not use or disclose psychotherapy notes without your
written authorization, and only as permitted by law.
Marketing Health-Related Services. We will not use or disclose your protected health
information for marketing communications without your written authorization, and only
as permitted by law.
Sale of PHI. We will not sell your protected health information without your written
authorization, and only as permitted by law.
Changes to this noticeWe reserve the right to change our privacy practices and the terms of this Notice at any time,
provided such changes are permitted by applicable law. We reserve the right to make the
changed Notice effective for all health information that we maintain, including health
information we created or received before we made the changes. When we make a change in our
privacy practices, we will change this Notice and make the new Notice available to you.
YOUR HEALTH INFORMATION PRIVACY RIGHTSYou have privacy rights under federal and state laws that protect your health information. These
rights are important for you to know. You can exercise these rights, ask questions about them,
and file a complaint if you think that your rights are being denied or your health information isn’t
being protected. Providers and health insurers who are required to follow federal and state
privacy laws must comply with the following rights:
To Request Restrictions on Certain Uses and Disclosures of PHI. You have the right to
request restrictions on our use or disclosure of your PHI by sending a written request to the
Privacy Office. We are not required to agree to those restrictions. We cannot agree to
restrictions on uses or disclosures that are legally required, or which are necessary to administer
our business. We must agree to the request to restrict disclosure of PHI to a health plan if the
disclosure is for the purpose of carrying out payment or health care operations and is not
otherwise required by law, and the PHI pertains solely to a health care item or service for which
you, or another individual other than a health plan on behalf of you, has paid us in full.
To Request Confidential Communications. You have the right to request that PHI be
communicated to you by alternative means or at alternative locations. For example, you can ask
that you only be contacted at work or by mail. We will accommodate all reasonable requests.
To Access PHI. You have the right of access to inspect and obtain a copy of your PHI. You
may not be able to obtain all of your information in a few special cases. For example, if your
treatment provider determines that the information may endanger you or someone else. In most
cases, your copies must be given to you within fifteen (15) days. We may charge you a
reasonable, cost-based fee for the costs of copying, mailing and supplies that are necessary to
fulfill your request, and we are generally not required to provide the requested records until the
fee is paid.
In accordance with Texas law, you have the right to obtain a copy of your PHI in electronic form
for records if we maintain an Electronic Health Records (EHR) system capable of fulfilling the
request. Where applicable, we must provide those records to you or your legally authorized
representative in electronic form within fifteen (15) days of receipt of your written request and a
valid authorization for electronic disclosure of PHI. You may request a copy of an authorization
from the Privacy Office at the address below. We may charge you a reasonable, cost-based fee
for the costs of copying, mailing and supplies that are necessary to fulfill your request, and we
are generally not required to provide the requested records until the fee is paid.
To Obtain a Paper Copy of the Notice Upon Request. You may request a copy of our current
Notice at any time. Even if you have agreed to receive the Notice electronically, you are still
entitled to a paper copy. You may obtain a paper copy from the Privacy Office at the address
below. We may charge you a reasonable, cost-based fee for the costs of copying, mailing and
supplies that are necessary to fulfill your request, and we are generally not required to provide
the requested records until the fee is paid.
To Request an Amendment of PHI. If you feel that PHI we have about you is incorrect or
incomplete, you may request an amendment to the information. Requests must identify: (i) which
information you seek to amend, (ii) what corrections you would like to make, and (iii) why the
information needs to be amended. We will respond to your request in writing within 60 days
(with a possible 30-day extension). In our response, we will either: (i) agree to make the
amendment, or (ii) inform you of our denial, explain our reason, and outline appeal procedures.
If denied, you have the right to file a statement of disagreement with the decision. We will
provide a rebuttal to your statement and maintain appropriate records of your disagreement and
our rebuttal.
To Receive an Accounting of Disclosures. You have the right to request an accounting of your
PHI disclosures for purposes other than treatment, payment or healthcare operations. Your
request must state a time period. The time period for the accounting of disclosures must be
limited to less than 6 years from the date of the request. We will respond in writing within 60
days of receipt of your request (with a possible 30-day extension). We will provide an
accounting per 12-month period free of charge, but you may be charged for the cost of any
subsequent accountings. We will notify you in advance of the cost involved, and you may choose
to withdraw or modify your request at that time.
To Notification in the Event of a Breach. You have a right to be notified of an impermissible
use or disclosure that compromises the security or privacy of your PHI. We will provide notice
to you as soon as is reasonably possible and no later than sixty (60) calendar days after discovery
of the breach and in accordance with federal and state law.
To File a Complaint. If you believe your privacy rights have been violated, you may file a
complaint with our privacy officer, listed below. You may also file a complaint directly with any
or all of the following federal and state agencies: the Secretary of the Department of Health and
Human Services, the Office of the Attorney General of Texas, or the Texas State Board of
Examiners of Professional Counselors. We will provide you with the addresses to file your
complaint with the Secretary, the Office of the Attorney General of Texas and the Texas State
Board of Examiners of Professional Counselors upon request. You
will not be penalized in any way for filing a complaint. However, if you file a complaint, our
professional ethics and board rules may require us to terminate our therapeutic relationship with
you and refer you to other providers.
If you want more information about our privacy practices or have questions or concerns, please
contact us.
Privacy Officer:
Hannah Milford, LPC-S, RPT-S
Happy Camper Counseling
1503 Pyramid Dr. Austin, TX 78734
Telephone: (512) 402-3163
E-mail: [email protected]